
As Cyber Insurance Claims Soar, Businesses Need to Demonstrate a Standard of Care

Brian Thomas | September 13, 2019

Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more cyber insurance claims than ever. But are they taking the proactive steps necessary to boost their security postures and become a better underwriting risk?

Cyber insurance claims double

According to a new study by AIG, claims frequency has spiked significantly. In 2018, there were as many cyber insurance claims as in the previous two years combined, with business email compromise (BEC) overtaking ransomware as the primary claim.

Clearly, cyber insurance is fast becoming a “must-have” for any organization. However, because cyber incidents are becoming more complex and costly for insurers to investigate, companies are under increasing pressure to demonstrate a high standard of care when it comes to their security and third-party management programs.

Insurers are wary of providing coverage to a business that is not aware of its own cybersecurity risk posture. Therefore, in seeking cyber insurance or filing a claim, companies must demonstrate that they are doing everything they can to protect themselves from attacks.

Here are some steps that businesses can take to gain the trust of underwriters and protect themselves from the rising cost of cyber crime.

Adopt a hacker's viewpoint

Organizations must work towards a greater understanding of how hackers see their network, including its systems, high-value targets, and vulnerabilities. By thinking like a cybercriminal and seeing what they see, organizations can better anticipate attacks before they occur. 

To adopt this viewpoint, organizations must be more vigilant in visualizing and quantifying the performance of their cybersecurity program. With a better understanding of how their security apparatus is performing, organizations can also demonstrate a standard of care to their insurer, which is beneficial in the event of a breach or compromise.

Be diligent with vendor selection

Currently, 59% of breaches originate with third-party vendors. Yet, organizations are struggling to make significant progress in managing cybersecurity risk in their supply chains because they lack transparency into the security posture of these partners. This blind spot in their enterprise security risk can cause them to fail to secure the right level and type of insurance coverage.

Rather than be handicapped by their inability to identify risky vendors and potential third-party vulnerabilities, organizations can use security ratings to quickly identify risk in their supply chain and help put procedures in place to protect their organization from an attack and demonstrate due diligence to insurers. 

Turn the C-suite’s gaze beyond the headlines

In a dynamic threat environment, it’s all too easy for the C-suite and Board of Directors to get distracted by the latest headlines and steer resources in a reactive manner. But risks are always changing: today it’s phishing scams, but tomorrow it may be something else. Executives can’t afford to lose sight of the long-term threat picture, or else risk a significant hit to their organizations’ reputations or heavy fines.

CISOs must look beyond the four walls of the SOC and build bridges with other stakeholders, including the CEO, CTO, and legal counsel, to clearly and succinctly articulate how cybersecurity impacts their organization and the value and limits of their cyber insurance program. Simultaneously, CISOs can’t be insulated, either; they must be continually vigilant about potential risks that may fall outside of their purview. 

Don’t turn insurance into a catch-all

Cyber insurance has become a necessary component of doing business, but it can’t be a catch-all. Companies still need to be proactive in their approach to security, lest insurance fail to adequately cover their risk exposure. Organizations must show insurers that they’re serious about security by implementing a prolonged and proactive approach to risk management.
